14 DAY TRIAL // An unpatched vulnerability in Internet Explorer would allow an attacker to take control of a vulnerable computer, with the flaw said to exist in basically all versions of the browsers.
New reports claim that the public exploit is now being used by more and more hackers, with Microsoft only planning to release the fix this week as part of the Patch Tuesday cycle.
But as far as Ken Pickering, director of engineering at CORE Security, is concerned, users should really stay away from Internet Explorer until this patch is delivered.
"Realistically, people should avoid using IE if possible until the patch for this fix is released," he told eWeek.
"I personally believe in responsible release of exploits, giving the vendor time to appropriately patch the problem rather than making the situation even worse by giving unskilled attackers the capability to abuse this zero-day. Even in this case where the exploit is publicly disclosed, including it in any framework before Microsoft has had a chance to roll something out can potentially make the situation much worse."
The patch will be delivered to IE users tomorrow using the same Windows Update tool, so make sure you install the available fixes as soon as possible.